> From: Chris Bennett <ch...@bennettconstruction.biz> > Subject: Firefox malware in add-ons > To: "Misc" <misc@openbsd.org> > Date: Sunday, February 7, 2010, 11:45 PM > This article is about some add-ons > that are not safe. > Shockingly, :) they got by Mozilla's eyes > > http://blogs.zdnet.com/security/?p=5408&tag=content;col1 > > I might not post this, except I suspect that there are > other add-ons that are not secure. > > I recently had Firefox 3.5 open web pages "magically" > > I was at no sites that could do this themselves. > Around the same time, I discovered my own IP spoofed on my > server web logs AND a "secret-ish" web page was accessed > using that spoof. > > Since all my add-ons, except for one, were ones I have used > for a long time, I dropped the new one. > > I have had no more problems. > > Maybe I'm paranoid, but such a string of coincidences is > suspicious. >
I found this one article while I was browsing some OpenBSD developer websites and the link provided instructions on how to isolate Firefox as its own user and operate the browser in a wrapper so that if it was compromised then the directory that you normally keep your Firefox data in wouldn't be affected. Not sure how effective this method would actually be, though...
